Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
e641c5041e65c7dcb486319e4f9f229021c6007e19079a2a67952f9abfd2a4b8The Call For Papers for SECURWARE 2012 has been announced. It will take place August 19th through the 24th, 2012 in Rome, Italy.
cbc67c8ed06418fe9f7edafb6733e4b77c47e0637a4a3af6d3b3aedf738fd526This Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3eeSecunia Security Advisory - A vulnerability has been reported in SAP NetWeaver, which an be exploited by malicious people to disclose sensitive information.
072deb079ab3110a5f9620c740044aa535d322783df9f8cb70dd4794f9b11902Secunia Security Advisory - A vulnerability has been reported in SAP Crystal Reports, which can be exploited by malicious people to conduct cross-site scripting attacks.
4e1ca95fd0d38eb98d534899680e37d6c8b00ec567327ad9b7a0122f1213b9f4Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in MetaStock, which can be exploited by malicious people to compromise a user's system.
eede32a6c2772c8b7dd150aac903ac1ad82597b2dd73d682432ae810bc3e13e0Secunia Security Advisory - Two vulnerabilities have been reported in ReviewBoard, which can be exploited by malicious users to conduct script insertion attacks.
d93a8a8f8cce2fc89003afb235a5201ed15812b3dcdf8273ccd2b8bb7e40692fSecunia Security Advisory - Jose Carlos de Arriba has discovered two vulnerabilities in Infoblox Trinzic NetMRI, which can be exploited by malicious people to conduct cross-site scripting attacks.
d6d3d3a1aab732694876ffa4a1b55272ff7dd0786a6bd3fbcedf30dffb142d72Ubuntu Security Notice 1264-1 - It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
5b3036197efa4d350f9371059d42694a829151802d7840a2a661f4b8dc2988e4Debian Linux Security Advisory 2347-1 - It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue.
c7792c9286029e0385042cfccf0f8afdb317c3dca089b50146e8b913bc8e48f7Red Hat Security Advisory 2011-1456-01 - JBoss Enterprise SOA Platform 5.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. A cross site scripting vulnerability was found in JRuby. It was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods.
4f09ed673fadcf7173dc16bfee24fd4db8403b3cc1f7cbbfd04c636f43183459Mandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. A cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1 which is not vulnerable to this issue.
fb80d35154c4a65d74dd4625a4d800d7ebb54b9e496cc615bab0fa89b767ef9aCA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash.
2504afdbecc5337cc2f3bedfcdb2f35357e06e9213344c8bb32f8190347818d5Zero Day Initiative Advisory 11-330 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which listens by default on TCP port 4322. When handling incoming requests the process fails to perform any type of authentication. Many available operations allow direct manipulation and creation of files on disk, loading of arbitrary DLLs and process control. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the User.
489894b63395a6aa133588330df21b715cfdf69761dcdde7b0da96353e321e7eUbuntu Security Notice 1263-1 - Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. Various other issues were also addressed.
e680bb4623894a3ca25991e365c4088d66f2764116df9d3747585f7fab459a39The Thotcon 0x3 Call For Papers is now open. The conference will take place in Chicago, IL on April 27nd, 2012.
4ba7f8f9d5d84846fa23e6d4f0436746287fc6cac4be8b524a12b77cc017f94fSecunia Security Advisory - A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to bypass certain security restrictions.
31caf995dcbdcc45328b21cc63fc2006c9e06b259429e5818928423199aed36dSecunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
507d088243a9ae2aad86f1cf041523bcc397b669619e5576a588db9a486e467cSecunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious people to conduct spoofing attacks.
bd8958539c6a4e96d0b9d1edc6740fdb1d8250288d146f05875365b36ff733dfSecunia Security Advisory - A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.
8f928055980f668da72bc91c4a860e89319b0713a1e318f8afad9e88c5c0f814Secunia Security Advisory - AutoSec Tools has discovered multiple vulnerabilities in V-CMS, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and compromise a vulnerable system.
5dc4eea987d3c218fd651f0f0025e74df4e3d78b1b304e0701f25f8b8f310d6fRed Hat Security Advisory 2011-1455-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ec69fb3485e06068573e9dd1e5c2f4b0504da22c512e8de60d5baab2ea5e857cDebian Linux Security Advisory 2346-2 - The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affected the stable distribution (squeeze), nor the testing and unstable distributions.
2c741817b56678426ef6c637f2e3574cb0c40b669b506fd3585c4f936cddb790Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
7d1a3ab5327ab886bcdf60133ec7548633c2606fe9cb4da9e31ef77badf69036The SonicWALL Aventail SSL-VPN suffers from a remote SQL injection vulnerability.
50d808ee714423eff293cd2e86943f50a1eee9dfbb7447f0d91d5eaf91c81044
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed